• 0

Newbie here in PHP and need help for this!


Question

OK, I'm doing a kind of registration form for users, so I can delete a user from another page as an admin. Now, for example, I want to delete a user and I have this link:

href=deleteuser.php?userid=X

where the X depends on the user I want to delete.

So in the deleteuser.php file I have a routine or function that deletes the user, for example:

DELETE FROM TABLE WHERE field=userid...

It works great... my problem, or the thing I want to know, is HOW TO PREVENT DELETING DIRECTLY FROM THE ADDRESS BAR??

For example, if I write this in the IE address bar, http://server/deleteuser.php?userid=5, it will execute the script directly...

So I want the script to be executed only if the admin or the user that wants to delete the record comes from the page where you choose the user he wants to delete...

I don't know if you get my question.. I would like your help please!

Any questions, you can tell me!

Thanks!


14 answers to this question


  • 0

Hi there,

There are several ways this can be done..

1) Make the delete page check the referrer page URL, so it has to be referred from the page where you have the click link...

2) Write a password authorization script and make it so you have to type a password in before it works, or have it check for a cookie which you can make it place when you login as admin on the page where you have the link.

3) Place the deleteuser.php into a folder and place a htaccess file inside the folder and make it password protected.

Hope that helps!


  • 0
Originally posted by Xcalibur

1) Make the delete page check the referrer page URL, so it has to be referred from the page where you have the click link...

How can I do this???...

:old:


  • 0

DO NOT DO THAT!!! It does work, BUT the information for the page that you just came from is supplied by the browser, so it is easy to spoof, making that a huge security problem. You'll have to make a login scheme.


  • 0

Here's the code.. I don't know if doing it this way is 100% secure though, anyone know if it's possible to forge referer info? It might be, not sure though.. anyhow, it will keep most users out unless they are determined...

Stick this at the very top:

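<?php
// Referer check as posted. The Referer header is supplied by the browser.
// $_SERVER is used because the bare $HTTP_REFERER global needs register_globals.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (!strstr($referer, "Whatever the url of the page is goes here"))
{
    print "Go away.";
    exit;
}
?>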

That should work...

X.


  • 0

OK, I was right.. it is a security risk..

You can use the other 2 ways though.. that's secure.

If you aren't that great with PHP and can't program your own login script, just use the htaccess method. It's very secure.

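The login-based approach recommended in the replies above, sketched as an added example that is not code from any poster in this thread. It assumes hypothetical session keys `is_admin` and `csrf_token` set by a login page, and a hypothetical `users` table with an `id` column; an in-memory SQLite database with constructed rows stands in for the real one.

```php
<?php
declare(strict_types=1);
// Hypothetical names throughout: is_admin, csrf_token, table "users", column "id".
// Returns [HTTP status, message] for one delete request.
function handle_delete(string $method, array $session, array $post, PDO $db): array
{
    // 1. Authorization comes from server-side session state, never from the Referer.
    if (empty($session['is_admin'])) {
        return [403, 'Not logged in as admin'];
    }
    // 2. Deletes are accepted by POST only, so a URL typed in the address bar (GET) does nothing.
    if ($method !== 'POST') {
        return [405, 'Use the delete form'];
    }
    // 3. The form must send back the per-session token that other sites cannot read.
    $known = (string) ($session['csrf_token'] ?? '');
    $sent = is_string($post['csrf_token'] ?? null) ? $post['csrf_token'] : '';
    if ($known === '' || !hash_equals($known, $sent)) {
        return [403, 'Bad or missing form token'];
    }
    // 4. Validate the id and bind it as a parameter.
    $id = filter_var($post['userid'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'Invalid userid'];
    }
    $stmt = $db->prepare('DELETE FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1 ? [200, "Deleted user $id"] : [404, 'No such user'];
}

// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (5, 'alice'), (6, 'bob')");
$token = bin2hex(random_bytes(16)); // a login page would create and store this
$admin = ['is_admin' => true, 'csrf_token' => $token];
$cases = [
    'address bar, not logged in'   => ['GET', [], []],
    'address bar, admin logged in' => ['GET', $admin, []],
    'admin, form without token'    => ['POST', $admin, ['userid' => '5']],
    'admin, real delete form'      => ['POST', $admin, ['userid' => '5', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $session, $post]) {
    [$status, $message] = handle_delete($method, $session, $post, $db);
    echo "$label: $status $message\n";
}
```

In deleteuser.php itself the function would be called after session_start() with $_SERVER['REQUEST_METHOD'], $_SESSION, $_POST and the site's own PDO connection, and the delete link on the admin page would become a small POST form carrying the token in a hidden field.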

  • 0

New here at PHP, any suggestions on a really good reference book to get me started?

Have programming experience with ASP / C++ / SQL.

thanks,

:(


  • 0

Hi sunshock,

I learned without any books, so I wouldn't know of any good ones.. but the way I learned was by reading the php manual at http://www.php.net/

It's free, and if you already know a bit of programming, it shouldn't be that hard.

Hope that helps,

Xcalibur


  • 0

Another question, but a little different..

I have some data in my DB, so I'm looking for a function or anything I can read about this... I want to retrieve my data from the database and put it in a table, but if I have 100 records I don't want to show them all. I would like to have something like search results in Yahoo, Google, etc., where you only show 10 results and if you hit the back or next links you go to the next 10 records..

Thanks!


  • 0

Hey Nxt_Gate,

I'm not that good with SQL queries, I'm still learning that part, so I won't be able to help you with that, maybe someone else can answer...

Sorry,

Xcalibur


  • 0
Originally posted by Nxt_Gate

Another question, but a little different..

I have some data in my DB, so I'm looking for a function or anything I can read about this... I want to retrieve my data from the database and put it in a table, but if I have 100 records I don't want to show them all. I would like to have something like search results in Yahoo, Google, etc., where you only show 10 results and if you hit the back or next links you go to the next 10 records..

Thanks!

Well, that script is pretty complicated for a newbie :p It'll take time for you to do...

All I have to contribute is about the searching: remember that % is the wildcard in SQL, so if you search user descriptions for %ugly%, the database will return all records for ugly people.


This topic is now closed to further replies.